Hackers entered Twitch and disclosed a large amount of corporate data, including proprietary code, creator payments, and “all of Twitch.tv.” Twitch confirmed the violation in a tweet on Wednesday morning, but did not provide further details.
In addition to the Twitch.tv code, the attackers said they stole the site’s mobile, desktop and console Twitch clients. It also gained access to “proprietary SDKs and internal AWS services used by Twitch”, other properties like IGDB and CurseForge, a first-time Steam competitor to Amazon Game Studios (codenamed Vapor), and red-teaming tools. internal Twitch SOC. It also shows creator payouts from 2019 to now, including top streamers like Nickmercs, TimTheTatMan, and xQc.
While we have not verified the claim that “all” of Twitch’s source code has been leaked, the 126 GB repository files appear to be genuine and the payout figures of nearly $ 2.4 million. streamers seem to be present. Hackers said the leak, which includes source code for nearly 6,000 internal Github repositories, is also just the “first part” of a larger release.
It does not appear that information such as user passwords, addresses and bank details have been revealed, but this cannot be ruled out in a future decline. If you have a Twitch account, you must enable two-factor authentication so that bad actors cannot log into your account if your password has been stolen.
The group also said the Twitch community is a “disgusting toxic sump,” so the action may be linked to recent hate raids that prompted streamers to take a day off to protest. Twitch has previously said it’s trying to stop the hate raiding problem, but it’s not a “simple fix.”
It is not yet clear how attackers were able to steal such a large amount of data, especially since Twitch is owned by Amazon, which operates one of the largest web hosting companies in the world.
Update (6/10/21, 11:33 am ET): This post has been updated to reflect that Twitch confirmed on Wednesday that the breach took place.